API Testing

Ahmed Elkholy
01551942560
API : Application Programming Interface , it’s intermediate between UI
app and back end , like this website Dummy Rest API Example , and
json place holder ,Google search also consider as an API request .

Web service : is an online API service .

There are two ways to send or receive API data using XML file or JSON
file , using two protocols for this SOUP and REST .

HTTP : Hyper Text Transfer Protocol

HTTP request contains :-

1. Start line
2. Header
3. Blank line
4. Body

Example for XML

<shawrma>
<size> small </size>
<type> chicken </type>

<additions>
<add>tomia</add>
<add>cheese</add>
<add>salad</add>

</additions>

</shawrma>

Example for JSON

{
"shawerma"
:[
{
"size" :"large" ,
"type" : "chicken",
"additions" :["tomia" ,
"tehena" ,"cheese"] },
{
"size" :"small" ,
"type" : "meat",
"additions" :["tomia" , "tehena" ]
}
]
}
So we will use postman to test API , and you can use postman online if
you pressed on

There are famous types of API requests

1. Post : to send data to an API server

2. Get : to receive data from an API server
3. Put : to update data in an API server
4. Delete : to delete data from an API server

PATCH is used for partial updates, where only specific changes are
applied to a resource, while PUT is used for full updates or creation of a
resource, requiring the complete representation of the resource in the
request payload

Post man
The first request in post man ( GET ), so you have first to create a
collection like a folder ,
then the file (Get , Post , …..) ,
the API link httpbin.org/get ,
Finally the response of API will appear at the end of page
Will create another request type which is post using this link
httpbin.org/post , will send JSON data in the body , finally
response of this request will be the same sent data

Another get request is uuid using this link httpbin.org/uuid and it

gets a unique id every time , so we will use SNIPPETS ( predefined
codes ) to store this value in a variable using set a global variable
snippet
Finally we will send uuid value in post request using parameters like
this {{uuid}}

You can run these 3 requests as an automation test by press Run

Collection .

There is another website that you can use it for API testing known as
webhook.site and any request you make on postman will appear at
this website , so first you have to copy Your unique URL from this website
into postman .
You can send parameters with it’s value to this website and you can
send any header with it’s value like X-Do-Not-Track and it’s value is 1 .

And that how request appears at website ⇩

 Body types

None : means nothing in the body

Form-data : like sending username and password
X-www-urlencoded : like the previous
Raw : most used one
Binary : to send something postman does not allowed like photos
GraphQL :API query language

Different between Authorization and Authentication

Authentication : who are you ?
Authorization : are you authorized or allowed to use this feature ,
website or not ?
In summary, authentication deals with verifying the identity of a
user or system, while authorization focuses on determining what
actions or resources the authenticated entity is allowed to access.
Both are crucial components of a comprehensive security strategy to
protect against unauthorized access and misuse of resources.

So we will test authorization for this website https://postman-

echo.com/basic-auth , so before we insert user name
(postman) and password (password ) , we can not access it (
401Unauthorized ) , but after that we can .
Authorization > Basic Auth > postman > password